<?php
session_start();
/*
***********************************
CopyRight 2011 -Scout4all
***********************************
*/

include"./../functions.php";
if(!isset($_SESSION['username'])){ 
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>


<link rel="stylesheet" href="css/menu_style.css" type="text/css" />
</head>

<body>

<div id="login_cont">

<table>
<form name='post' action='login.php' method='POST'>
<tr>
<td>اسم المستخدم</td>
<td><input type="text" name="username"></td>
<tr>
<tr>
<td>كلمه المرور</td>
<td><input type="password" name="password"></td>
<tr>
<tr>
<td align='left'><input type="submit" name="submit" value="تسجيل الدخول"></td>
<td align='right'><input type="reset" name="reset" value="اعادة"></td>
<tr>
</form>
</table>

</div>
</body>
</html>
<?php 

$username=strip_tags($_POST['username']);
$password=md5(strip_tags($_POST['password']));
$submit=$_POST['submit'];
if($submit){
if($username&&$password){
require "./../$config";
$sql = "select * from users where username='$username'";
$query=mysql_query($sql);
$num_rows= mysql_num_rows($query);
//echo $num_rows;
if($num_rows>0){
//echo "hello $username Ur Pass Is $password ";
while($result=mysql_fetch_assoc($query)){
 $db_u_id=$result['u_id'];
 $db_username=$result['username'];
 $db_password=$result['password'];
}
if($username==$db_username &&$password==$db_password){
 if(!isset($_SESSION['username'])&&!isset($_SESSION['u_id'])){
 $_SESSION['username']=$username;
 $_SESSION['u_id']=$db_u_id;
 $_SESSION['u_type']=$db_u_type;
 header("location: index.php");
 }
 }
}
else{
echo"no user found";
}
mysql_close($connection);
}
else{
echo"فضلا اكتب اسم المستخدم و كلمه المرور ";
}
}
}
else{
header("location: index.php");
}
?>